1. General Questions

Q1.01: Is BalanceNG available for other platforms ?

BalanceNG is currently available for Linux/x86,
Solaris 9+10 (SPARC) and Solaris 10 (x86) .
The agent of BalanceNG (bngagent) is available in source and is supported on several
platforms (Linux, Solaris, Mac OS-X, HP-UX and more).

Q1.02: How is BalanceNG related to balance ?

BalanceNG and Balance are both from the same company.
Besides of that there's no further relationship between Balance and BalanceNG.
BalanceNG is a complete Layer2/Ethernet based load balancer for Linux, whereas Balance
is a TCP only proxy tool with load balancing capabilities. BalanceNG and Balance do not share
code since the design approaches differ substantially.
Anyway, the Balance project will be continued as before (see
http://balance.sourceforge.net).

No, we don't think so. It's quite the contrary: With BalanceNG you are able to replace
hardware devices (Like Nortel/Alteon, Cisco/LocalDirector and BigIP/F5) that easily cost
more than 10000.-- EUR/$ per node.

Q1.06: Are there alternative products from other vendors ?

"Central Dispatch" from Resonate appears to be a software competitor (noticed by customer which has
moved to BalanceNG).
In the open source community there's Linux Virtual Server (LVS),
check www.linuxvirtualserver.org for
information.
There's also Keepalived which represents a
keepalive and health checking facility for LVS.
There are several companies which sell preconfigured boxes based on LVS.

Q1.07: What are the main advantages of BalanceNG compared to a LVS/Keepalived combination ?

BalanceNG is available for multiple operating system platforms (Linux and Solaris SPARC/x86).

BalanceNG installation and setup is reported to be much easier and quicker.

There's no Linux kernel patching or kernel rebuilding necessary, which saves
a lot of time and trouble.

Q1.08: Are there references ?

Take a look at the Customers page, we
included links to the most promiment customers.
A nice live example is www.nieuws.nl, one of the biggest news
portal sites in the Netherlands. BalanceNG in a HA-configuration distributes the load of up to 5 million
hits per month to a server farm. The session table holds more that 10000 concurrent sessions
at low traffic hours.

Q1.09: Is there a Web GUI available ?

No, we don't offer our own Web GUI.
However, we encourage and support
interested users and partners to build their own.
Just contact us to get some recommendations and hints.

Q1.10: Which configuration do you recommend for beginners ?

We recommend to setup a DSR (Direct Server Return) configuration first, since that
does not require network topolgy changes and fits well into already existing networks.
The loopback aliases have to be established correctly on the targets, but that is
manageable and well documented.

Q1.11: Does BalanceNG support SSL offloading ?

No, BalanceNG itself does not include this functionality. We recommend
using BalanceNG is a combination with stunnel on the target servers
(where stunnel may use acceleration hardware) thus "offloading" the SSL efforts
to multiple stunnels.

There's a bngagent implementation available as a customer contribution (without
warranty and support), take a look into the "contrib" directory of the distribution.
It's called "BngAgentService" and implements a Windows Service which integrates into
the Windows operating system. It is implemented in Delphi 7 (Object Pascal), source
code is also provided.

Please check if you are hit by the "Linux ARP flux" problem. Linux answers ARP requests on
wrong and unassociated interfaces per default. This leads to the following two problems:

ARP requests for the loopback alias address are answered on the HW interfaces (even if NOARP on lo0:1 is set).

If the machine is connected twice to the same switch (e.g. with eth0 and eth1)
eth2 may answer ARP requests for the address on eth1 and vice versa in a race condition manner
(confusing almost everthing).

Only "Internet Protocol" needs to be selected (remove selection of
"Client for MS Networks" and "File and Printer sharing")

TCP/IP Properties->enter IP address of virtual server (the same address as in the BalanceNG
server ipaddr definition)

do not enter a default gateway

Advanced->Set Interface Metric to 254 (this step is important to stop ARP responding)

OK and save all changes.

Q2.15: Can BalanceNG load balance TFTP traffic ?

Yes, that works with no problems by not specifying ports at server and target definitions
("all service load balancing" like in conf001.txt).

Q2.16: Can BalanceNG load balance ftp over SSL traffic (FTPS) ?

Yes, that's also working with BalanceNG in a "all service load balancing" configuration.
It turned out that BalanceNG worked over big name hardware vendors like Cisco and Nortel
in that case !

Q2.17: How do I specifically route back server traffic to the Load Balancer (setup "Source Routing" on Linux) ?

In practice there are several situations, where a specific routing configuration is needed to route
only the traffic related to the service from the target back to the load balancer. This can be done with
Linux using iptables and the iproute2 functionality. The following script has to be run on the target
and assumes an apache server listening on port 80 on the target IP address 10.1.1.1. The
addresses 10.1.1.10 and 10.1.1.11 in this example are the "network real" addresses of the
master and backup node,
respectively. The address 10.1.1.20 in this example
is the "network virt" address represented by both nodes using VRRP and may be reachable via eth1.

This technique is also often being referenced as "source routing", since the source address (and port)
information is used to determine the "next hop" for routing.

The basic ideas of this approach are:

The OUTPUT chain is used to influence locally generated traffic.

The special "mangle" table is used to mark outgoing packets with --set-mark.

The health check source addresses are exempted by the first two lines.

A special extra routing table www.out is created with iproute2.

Packets marked by iptables are specifically routed to the "network virt" address
represented by both nodes using VRRP.

Here the script contents ready to be run on startup (change addresses accordingly):

The option "-q" keeps wget quiet with no output, "-O /dev/null" ignores the contents received,
"-t 1" specifies that the access is tried just once per call and "-T 2" specifies a timeout of 2 seconds.

Q2.19: What's important to run BalanceNG on VMware ?

BalanceNG needs the ability to operate the connected, physical interfaces in promiscuous mode. In a VM setup this
requires that the VM has the permission to do that in turn. The solution is to either run the VM as root or to set
the permissions of /dev/vmnet* doing a "chmod go+rw /dev/vmnet*" on the vmware
host before starting the VM.

Additionally, the following line needs to be present in /etc/snmp/snmpd.conf in order to
establish the interface between snmpd and BalanceNG:

pass .1.3.6.1.4.1.2771.1 /sbin/bng

Note: There's no need to change /etc/default/snmpd anymore with 2.226 and above (snmpd runs now as user snmp).

A typical "snmpget" command line looks like this:

snmpget -v1 -c public localhost .1.3.6.1.4.1.2771.1.1

A complete "snmpwalk" of the BalanceNG 2.x MIB can be invoked like this:

snmpwalk -v1 -c public localhost .1.3.6.1.4.1.2771.1

The BALANCENG-MIB may be copied to the /usr/share/snmp/mibs directory
(for Ubuntu/Debian Linux). The following environment variable setting
makes all MIBs in this directory available to the snmpd tools:

Q2.24: How do I activate session table synchronization with newer releases ?

BalanceNG with relase 3.562 and higher does now use VRRP v3 according to RFC 5798 per default.
In order to enable session table synchronization you need to active the bngsync
protocol as shown in this example: Example 17 (Activating Session Table Synchronization with bngsync).
The use of session table synchronization with non standard VRRP v2 packets is deprecated.